Is Huawei a security threat? Seven experts weigh in

The United States government is cracking down hard on Huawei. Lawmakers and intelligence officials have claimed the telecommunications giant could be exploited by the Chinese government for espionage, presenting a potentially grave national security risk, especially as the US builds out its next-generation 5G network. To meet that threat, officials say, they’ve blocked government use of the company’s equipment, while the Justice Department has also accused Huawei’s chief financial officer of violating sanctions against Iran, and the company itself of stealing trade secrets.

Huawei’s response has been simple: it’s not a security threat. Most importantly, the company’s leaders have said the US has not produced evidence that it works inappropriately with the Chinese government or that it would in the future. Moreover, they say, there are ways to mitigate risk — ones that have worked successfully in other countries. Huawei’s chairman has even gone so far as to call the US government hypocritical, criticizing China while the National Security Agency spies around the globe. The company has also denied any criminal wrongdoing.

Huawei’s response has been simple: it’s not a security threat

Earlier this month, Huawei upped the stakes again. In a lawsuit, the company asked a court to find that the US government’s ban on its products is unconstitutional. Huawei’s rotating chairman said that, after failing to convince US lawmakers that its products were secure, they had “no choice” but to make a legal challenge.

Regardless of how the suit shakes out, it will hardly be the last volley in the ongoing battle. Is the US right to target Chinese equipment makers like Huawei, or has the company, as it maintains, been unfairly maligned? The Verge convened experts, from prominent China-watchers to Sen. Marco Rubio, to give their views.

If one views 5G telecommunications networks as critical infrastructure, then the lack of smoking-gun evidence that a company has previously rigged its hardware at the behest of a foreign government is not dispositive of whether to allow that company’s equipment in 5G networks. The question is whether the risks of espionage or sabotage are unacceptably high, which depends in part on whether the company can credibly claim to be independent of the foreign government in question. This may help to explain why Western governments broadly agree that Huawei poses security risks, even as they may differ over how to manage or mitigate those risks.

Sen. Marco Rubio (R-FL)

Huawei is a Chinese state-directed telecom company with a singular goal: undermine foreign competition by stealing trade secrets and intellectual property, and through artificially low prices backed by the Chinese government. The Communist Chinese government poses the greatest, long-term threat to America’s national and economic security, and the US must be vigilant in preventing Chinese state-directed telecoms companies, like Huawei and ZTE, from undermining and endangering America’s 5G networks. Future, cutting-edge industries like driverless vehicles and the Internet of Things will depend on this critical technology, and any action that threatens our 21st-century industries from developing and deploying 5G undoubtedly undermines both our national and economic security.

I am not sure we can trust an audit on Huawei any more than we can trust the Chinese government to hand over intelligence showing they do not steal intellectual property from American companies. No audit can reveal a future order from the Chinese government to turn over data to them. The US must develop a long-term, whole-of-government strategy to protect against state-sponsored technology theft and risks to critical supply chains. We must also recognize that the continued threat posed by the Chinese government’s assault on US intellectual property, US businesses, and our government networks and information has the full backing of the Chinese Communist Party.

Qing Wang, professor of marketing & innovation, University of Warwick

Is Huawei a security threat? There is no hard evidence to support this notion, and some of the reasons put forward for this notion are weak. For example, the background of the chairmen of Huawei. Huawei founder Mr. Ren Zhengfei once served in the People’s Liberation Army. As we know, serving in the army was one way of getting out of poverty for people in the countryside, which is where Mr. Ren is from. His time in the army was a short one and he was not in any important position.

“Is Huawei a security threat? There is no hard evidence to support this notion”

In terms of the background of the company, unlike state-owned enterprises such as China Mobile and China Railway Corporation, Huawei is a private enterprise, like Alibaba, Tencent, and Haier, that emerged from the economic reform of China in the 1980s. These enterprises would have never existed, let alone grew, if there was no economic reform and move from planned economy to market economy. State-owned enterprises operate differently from private enterprises. The CEOs of state-owned enterprises are government officials and are directly appointed by the government; they are the products of the old communist legacy. On the other hand, the CEOs of the private enterprises are either the founders themselves, or their offspring who succeed their family businesses. These enterprises have developed their technological capabilities and business acumen through market mechanisms both inside and outside China, and adopted the same business practice and competed with their Western counterparts without preferential treatment from the government. At most, government resources and supports are directed to the state-owned enterprises because they are no longer fit for the new market economy.

For someone like me who has studied emerging market enterprises for decades, Huawei is the textbook case of a great company in the making; unfortunately, it has fallen victim to the anti-globalization policy and sentiment of the US and the ongoing trade war with China. Huawei has been accused of close or even dubious relationships with the Chinese government — hence, a security threat to the Western world. It is true that now that these companies have become competitive in the global market, creating jobs and tax revenue for the government, the government is keen to see that their success can continue. If anything, it is in the interest of Huawei and the government to see the reputation and technological leadership continue rather than being ruined by scandals such as espionage.

Sen. Mark Warner (D-VA)

There is ample evidence to suggest that no major Chinese company is independent of the Chinese government and Communist Party — and Huawei, which China’s government and military tout as a “national champion,” is no exception. Allowing Huawei’s inclusion in our 5G infrastructure could seriously jeopardize our national security and put critical supply chains at risk. It could also undermine U.S. competitiveness at a time when China is already attempting to surpass the U.S. technologically and economically through the use of state-directed and state-supported technology transfers.

This is not about finding “backdoors” in current Huawei products — that’s a fool’s errand. Software reviews of existing Huawei products are not sufficient to preclude the possibility of a vendor pushing a malicious update that enables surveillance in the future. Any supposedly safe Chinese product is one firmware update away from being an insecure Chinese product.

Nicholas Weaver, staff researcher, University of California, Berkeley

Sabotage can be really, really subtle. There are entire contests around how you make sabotage almost undetectable, such as the “underhanded C contest.” It is even more so in hardware. For example, you could sabotage the cryptographic random number generator so that if you knew the secret you could predict it, but if not, you can’t.

“Sabotage can be really, really subtle”

This is worse in telecommunications systems, as those systems are specifically designed to be wiretapped, so a little bit of sabotage in the specific wiretap-enabling routines and it would be very, very hard to detect. Plus, you also have the manufacturing: just because the design is what you “certified” doesn’t mean that the thing you buy is what you certified. A single microscopic difference: the addition of a small sabotage chip, and now you lose all your assurances.

Francis Dinha, CEO of OpenVPN

The US is right to treat Huawei as a security threat, but I don’t believe any ban on any equipment is the right solution. No matter what equipment we use for 5G, there will be security risks. With such an exponentially higher amount of data, there will inherently be an exponentially higher risk. But taking a competitor out of the market could lead other companies to get complacent, which would mean US innovation and development could be slowed — which presents an even more severe security risk overall.

Rather than relying on our network to be secure, we ought to seriously consider building an overlay secure virtual network across the 5G infrastructure that could provide end-to-end security, controlled and managed by the 5G network operators. We need guidelines to improve network security, and we need to push to make software for this equipment open-source. Open-source means transparency and security, which is exactly what we need as we move to 5G.

Huawei is a risk, certainly — but there are other ways besides a ban to mitigate that risk. No matter who is making our 5G equipment, we need to be proactive about cybersecurity.

William Snyder, professor of law, Syracuse University

Huawei is a threat to US national security, but that misses the bigger point. Vulnerabilities in the supply chain of network hardware and software is, has been, and will continue to be a threat to the national security of the United States and many other countries, including China. It remains very difficult to audit that a chip with millions of embedded transistors or software with millions of lines of code does only what consumers know and consent to it doing. Even if Huawei is not committing the sort of crimes for which a US grand jury indicted it, any company that supplies such a large percentage of the market for components of telecommunications networks and has such ties to the People’s Liberation Army is a threat. Huawei’s need to operate under Chinese laws about cooperation with Chinese military and intelligence agencies is of concern.

“Huawei’s status as a threat is hardly unique”

Huawei’s status as a threat is hardly unique. Not only are other Chinese companies such as ZTE and China Mobile embedded in the supply chain, but so are those of other countries. Huawei itself buys components from major US firms, including Qualcomm. Those companies are subject to US laws concerning cooperation with US intelligence agencies. Given the essentially free market economy of the United States, rarely, if ever, will a US company be as closely tied to the government as Chinese companies are. Still, if you are a security policymaker of a nation like India — with several times the population of the US — wouldn’t you worry about how many major militaries have back doors into your networks?

As long as conflict occurs at the nation-state level while critical cyber networks are designed and manufactured internationally, we all must be very careful. This is a systemic problem. Currently, Huawei’s size and ties to the PLA make it the focus of concern. In the future, another supply chain threat will take center stage.